Educause Security Discussion mailing list archives
Re: Fake Student Applications/Registrations
From: "Von Welch (Work)" <von () VONWELCH COM>
Date: Fri, 24 Jul 2020 16:47:47 -0400
Nathan, In addition to .edu email addresses, I’ve seen cases of attackers fredulently getting EDU accounts and abusing those accounts through federated identity, e.g. InCommon, to abuse remote resources that are open to higher ed users. If your organization is an InCommon IdP, I suggest checking with your IdP operator (probably in your IdM group), for signs of outgoing abuse. Best, Von -- Von Welch Director and PI, NSF Cybersecurity Center of Excellence / trustedci.org Director, Center for Applied Cybersecurity Research / cacr.iu.edu Executive Director Cybersecurity Innovation / Indiana University Associate Director, Pervasive Technology Institute / pti.iu.edu vwelch () iu edu / (812) 856-0363
On Jul 24, 2020, at 4:08 PM, Wesolowski, Nathan R. <Nathan.Wesolowski () NWTC EDU> wrote: Hello everyone, this is my first time posting here. Since last weekend we have observed an unusually high number of new student applications/registrations containing fake information. After investigating, I discovered that our College was recently featured on a Chinese blog. The blog’s “educational welfare” category lists dozens of other colleges and universities, along with step-by-step details for obtaining free accounts/email addresses - hxxps://404edublog.cf/ <https://404edublog.cf/>. It is obvious that these scammers are after a .EDU email address. With the ongoing COVID situation, we have waved or postponed certain fees in an attempt to reduce any registration barriers. I believe that this is contributing to our problem. While we have tools in place to help us identify and remove fake identities, I am curious to know what others have done about this problem. Thanks, Nate Nate Wesolowski Information Security Analyst Northeast Wisconsin Technical College 2740 W. Mason Street Green Bay, WI 54307 O 920.498.6943 | T 800-422-NWTC nate.wesolowski () nwtc edu <mailto:nate.wesolowski () nwtc edu> | nwtc.edu <https://www.nwtc.edu/> <image001.jpg> CONFIDENTIALITY: This e-mail (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this e-mail in error, please notify the sender and delete this e-mail from your system. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://www.educause.edu/community>
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: Fake Student Applications/Registrations Wesolowski, Nathan R. (Jul 24)
- Re: Fake Student Applications/Registrations Von Welch (Work) (Jul 24)
- Re: Fake Student Applications/Registrations Tomassetti, Tina (Jul 27)
- Re: [EXTERNAL] Re: [SECURITY] Fake Student Applications/Registrations James Valente (Jul 28)